Is WEP still a thing?
Clash Royale CLAN TAG#URR8PPP
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;
up vote
15
down vote
favorite
I was studying the Wi-Fi security section for a pentesting certification the other day and there is an extensive part about cracking WEP. Is going in-depth on WEP cracking worth it anymore?
According to this statistic: https://wigle.net/stats# about 7% of Wi-Fi networks still use WEP for encryption today. It's not a lot, but at the same time it is a lot considering that WEP was deprecated in 2004.
Thoughts?
encryption wifi wep
add a comment |Â
up vote
15
down vote
favorite
I was studying the Wi-Fi security section for a pentesting certification the other day and there is an extensive part about cracking WEP. Is going in-depth on WEP cracking worth it anymore?
According to this statistic: https://wigle.net/stats# about 7% of Wi-Fi networks still use WEP for encryption today. It's not a lot, but at the same time it is a lot considering that WEP was deprecated in 2004.
Thoughts?
encryption wifi wep
add a comment |Â
up vote
15
down vote
favorite
up vote
15
down vote
favorite
I was studying the Wi-Fi security section for a pentesting certification the other day and there is an extensive part about cracking WEP. Is going in-depth on WEP cracking worth it anymore?
According to this statistic: https://wigle.net/stats# about 7% of Wi-Fi networks still use WEP for encryption today. It's not a lot, but at the same time it is a lot considering that WEP was deprecated in 2004.
Thoughts?
encryption wifi wep
I was studying the Wi-Fi security section for a pentesting certification the other day and there is an extensive part about cracking WEP. Is going in-depth on WEP cracking worth it anymore?
According to this statistic: https://wigle.net/stats# about 7% of Wi-Fi networks still use WEP for encryption today. It's not a lot, but at the same time it is a lot considering that WEP was deprecated in 2004.
Thoughts?
encryption wifi wep
edited Aug 6 at 16:29
asked Aug 6 at 16:17
Tudor
18917
18917
add a comment |Â
add a comment |Â
3 Answers
3
active
oldest
votes
up vote
27
down vote
accepted
Unfortunately, WEP is still present in the world. There are legacy systems and devices in certain environments that can only do WEP, plus a number of networks that have no one interested and/or knowledgeable enough to update. Like many advances in technology, phasing out the older technology takes time. Look at IPv4 vs. IPv6 after 20ish years and tell me which is still predominant.
That being said, WEP is no longer viable in modern 802.11 networking. Not only is WEP not viable in modern 802.11 networking, neither is TKIP (was initially used as part of WPA certification). Since the release of the 802.11n amendment to the standard, the use of either requires that devices disable the use of HT or VHT data rates.
In other words, the use of WEP or TKIP causes a modern 802.11 network (i.e. 802.11n or newer) to function little better than an 802.11a/g network. While you do pick up some of the advantages of newer standards, the performance (which is the typical driving force for people to upgrade) is negated.
But all that aside, I have to point out that Wigle's stats are a bit "flawed" unless you actually understand what it is you are really viewing. Wigle is a large, user collected database of information. However, as far as I know, they do not age out old data for a number of reasons (for instance, just because someone hasn't recorded updated information on a network doesn't mean it isn't still present).
So what you have is a large number of networks present in their data that are not present in the real world. If you check many of the WEP entries, they will not have been updated in 5 or more years. Many of these are likely gone or replaced.
In the graph on the Wigle statistics page, the shown decline of WEP is largely due to new networks being added to the database that are not using WEP, rather than WEP networks being removed from the database. Pulling from the Wigle.net API, these stats may present a more accurate picture of the decline of WEP:
All Entries
-------------------
464,429,878 (Total)
31,800,699 (WEP)
---WEP: 6.85%---
Updated since 2014
-------------------
343,970,477 (Total)
8,550,789 (WEP)
---WEP: 2.49%---
Updated since 2016
-------------------
233,996,263 (Total)
4,374,629 (WEP)
---WEP: 1.87%---
Updated since 2017
-------------------
158,548,717 (Total)
2,707,548 (WEP)
---WEP: 1.71%---
As you can see, while WEP is still certainly present, the real world statistics of WEP being in the wild is much lower than the 6-7% number to which you were referring.
1
old wii consoles can only connect to WEP security routers
â Tschallacka
2 days ago
@Tschallacka, I have a US first gen Wii that connects just fine to WPA or WPA2-AES with a PSK. Only issue I am aware of with early Wii consoles is that they need the low data rates enabled (1 and/or 2 Mbps) or they will not be able to connect, even though they are 802.11g devices. Even if there are some models that only support WEP, many users of Nintendo consoles replaced their Wii with a Wii U, as it can still run most of the Wii games (clear exceptions would be games with accessories that utilized the GameCube ports).
â YLearn
2 days ago
4
I saw a recent discussion about presenting WEP as unsecured and connecting to it without ever prompting because it could be cracked faster than the password keyed in.
â Joshua
2 days ago
@Joshua Now that's a nice idea, and it might even persuade some more people to see it be completely ignored.
â Deduplicator
2 days ago
Once I worked at a retailer of portable handheld scanners, and some models only work with WEP.
â Azteca
yesterday
add a comment |Â
up vote
3
down vote
I have been studying WEP as a project in school (great examples of what should not do in crypto !).
When I took a look at usage stats, it was 8% (if you think about the 45% back in 2010). Even if it seems low, I think it took way to long and I still see some Wi-Fi set to WEP (in France).
In my opinion, it shouldn't be an option anymore, even for backward compatibility. I took way to long to deprecated it, given the fact the first automated attack was published in 2001.
5
Network-level protocols take a long time to deprecate because hardware moves slow. It takes a long time to move through the lifecycle of physical network devices - especially consumer hardware. Some businesses still use PPTP for VPN, and that's been broken for ages as well. Protocols don't suddenly stop working when the security is broken, and user don't care that much about security until they're hit by a high-impact event.
â nbering
Aug 6 at 18:18
1
@nbering, consumer hardware in many cases changes faster than business hardware. People tend to like buying the best/latest/fastest product on the market. I find industrial/environmental/systems control types of machines/hardware/tools tend to be more locked into time. If a business pays X million for that machine (series) or control system, they aren't likely to rip it out and replace it because it only supports WEP. They are more likely to support WEP for the next 20 years until the manufacturing line is next replaced.
â YLearn
Aug 7 at 0:49
add a comment |Â
up vote
3
down vote
WEP has been broken for a long time, but upgrading from WEP to WPA2 implies delivering new hardware for each Access Point, client device, repeaters, etc. It's a huge investment to do at once, so compatible devices are available (Actually they're still being made, every smart phone I know is capable to connect to WEP networks), and that's a cycle: There is no need to migrate from WEP to WPA2 right now cause compatible devices exist and there is no need to change all the devices cause compatibility is still there.
Given that, while the impact of exploiting WEP may be high and the attack is pretty simple and known, the likelihood of the attack is not as much as it seems. An attacker needs to be physically in the same place as the vulnerable AP and close enough to actually be able to send packets in a reliable way. And sadly this kind of risk tends to be ignored
add a comment |Â
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
27
down vote
accepted
Unfortunately, WEP is still present in the world. There are legacy systems and devices in certain environments that can only do WEP, plus a number of networks that have no one interested and/or knowledgeable enough to update. Like many advances in technology, phasing out the older technology takes time. Look at IPv4 vs. IPv6 after 20ish years and tell me which is still predominant.
That being said, WEP is no longer viable in modern 802.11 networking. Not only is WEP not viable in modern 802.11 networking, neither is TKIP (was initially used as part of WPA certification). Since the release of the 802.11n amendment to the standard, the use of either requires that devices disable the use of HT or VHT data rates.
In other words, the use of WEP or TKIP causes a modern 802.11 network (i.e. 802.11n or newer) to function little better than an 802.11a/g network. While you do pick up some of the advantages of newer standards, the performance (which is the typical driving force for people to upgrade) is negated.
But all that aside, I have to point out that Wigle's stats are a bit "flawed" unless you actually understand what it is you are really viewing. Wigle is a large, user collected database of information. However, as far as I know, they do not age out old data for a number of reasons (for instance, just because someone hasn't recorded updated information on a network doesn't mean it isn't still present).
So what you have is a large number of networks present in their data that are not present in the real world. If you check many of the WEP entries, they will not have been updated in 5 or more years. Many of these are likely gone or replaced.
In the graph on the Wigle statistics page, the shown decline of WEP is largely due to new networks being added to the database that are not using WEP, rather than WEP networks being removed from the database. Pulling from the Wigle.net API, these stats may present a more accurate picture of the decline of WEP:
All Entries
-------------------
464,429,878 (Total)
31,800,699 (WEP)
---WEP: 6.85%---
Updated since 2014
-------------------
343,970,477 (Total)
8,550,789 (WEP)
---WEP: 2.49%---
Updated since 2016
-------------------
233,996,263 (Total)
4,374,629 (WEP)
---WEP: 1.87%---
Updated since 2017
-------------------
158,548,717 (Total)
2,707,548 (WEP)
---WEP: 1.71%---
As you can see, while WEP is still certainly present, the real world statistics of WEP being in the wild is much lower than the 6-7% number to which you were referring.
1
old wii consoles can only connect to WEP security routers
â Tschallacka
2 days ago
@Tschallacka, I have a US first gen Wii that connects just fine to WPA or WPA2-AES with a PSK. Only issue I am aware of with early Wii consoles is that they need the low data rates enabled (1 and/or 2 Mbps) or they will not be able to connect, even though they are 802.11g devices. Even if there are some models that only support WEP, many users of Nintendo consoles replaced their Wii with a Wii U, as it can still run most of the Wii games (clear exceptions would be games with accessories that utilized the GameCube ports).
â YLearn
2 days ago
4
I saw a recent discussion about presenting WEP as unsecured and connecting to it without ever prompting because it could be cracked faster than the password keyed in.
â Joshua
2 days ago
@Joshua Now that's a nice idea, and it might even persuade some more people to see it be completely ignored.
â Deduplicator
2 days ago
Once I worked at a retailer of portable handheld scanners, and some models only work with WEP.
â Azteca
yesterday
add a comment |Â
up vote
27
down vote
accepted
Unfortunately, WEP is still present in the world. There are legacy systems and devices in certain environments that can only do WEP, plus a number of networks that have no one interested and/or knowledgeable enough to update. Like many advances in technology, phasing out the older technology takes time. Look at IPv4 vs. IPv6 after 20ish years and tell me which is still predominant.
That being said, WEP is no longer viable in modern 802.11 networking. Not only is WEP not viable in modern 802.11 networking, neither is TKIP (was initially used as part of WPA certification). Since the release of the 802.11n amendment to the standard, the use of either requires that devices disable the use of HT or VHT data rates.
In other words, the use of WEP or TKIP causes a modern 802.11 network (i.e. 802.11n or newer) to function little better than an 802.11a/g network. While you do pick up some of the advantages of newer standards, the performance (which is the typical driving force for people to upgrade) is negated.
But all that aside, I have to point out that Wigle's stats are a bit "flawed" unless you actually understand what it is you are really viewing. Wigle is a large, user collected database of information. However, as far as I know, they do not age out old data for a number of reasons (for instance, just because someone hasn't recorded updated information on a network doesn't mean it isn't still present).
So what you have is a large number of networks present in their data that are not present in the real world. If you check many of the WEP entries, they will not have been updated in 5 or more years. Many of these are likely gone or replaced.
In the graph on the Wigle statistics page, the shown decline of WEP is largely due to new networks being added to the database that are not using WEP, rather than WEP networks being removed from the database. Pulling from the Wigle.net API, these stats may present a more accurate picture of the decline of WEP:
All Entries
-------------------
464,429,878 (Total)
31,800,699 (WEP)
---WEP: 6.85%---
Updated since 2014
-------------------
343,970,477 (Total)
8,550,789 (WEP)
---WEP: 2.49%---
Updated since 2016
-------------------
233,996,263 (Total)
4,374,629 (WEP)
---WEP: 1.87%---
Updated since 2017
-------------------
158,548,717 (Total)
2,707,548 (WEP)
---WEP: 1.71%---
As you can see, while WEP is still certainly present, the real world statistics of WEP being in the wild is much lower than the 6-7% number to which you were referring.
1
old wii consoles can only connect to WEP security routers
â Tschallacka
2 days ago
@Tschallacka, I have a US first gen Wii that connects just fine to WPA or WPA2-AES with a PSK. Only issue I am aware of with early Wii consoles is that they need the low data rates enabled (1 and/or 2 Mbps) or they will not be able to connect, even though they are 802.11g devices. Even if there are some models that only support WEP, many users of Nintendo consoles replaced their Wii with a Wii U, as it can still run most of the Wii games (clear exceptions would be games with accessories that utilized the GameCube ports).
â YLearn
2 days ago
4
I saw a recent discussion about presenting WEP as unsecured and connecting to it without ever prompting because it could be cracked faster than the password keyed in.
â Joshua
2 days ago
@Joshua Now that's a nice idea, and it might even persuade some more people to see it be completely ignored.
â Deduplicator
2 days ago
Once I worked at a retailer of portable handheld scanners, and some models only work with WEP.
â Azteca
yesterday
add a comment |Â
up vote
27
down vote
accepted
up vote
27
down vote
accepted
Unfortunately, WEP is still present in the world. There are legacy systems and devices in certain environments that can only do WEP, plus a number of networks that have no one interested and/or knowledgeable enough to update. Like many advances in technology, phasing out the older technology takes time. Look at IPv4 vs. IPv6 after 20ish years and tell me which is still predominant.
That being said, WEP is no longer viable in modern 802.11 networking. Not only is WEP not viable in modern 802.11 networking, neither is TKIP (was initially used as part of WPA certification). Since the release of the 802.11n amendment to the standard, the use of either requires that devices disable the use of HT or VHT data rates.
In other words, the use of WEP or TKIP causes a modern 802.11 network (i.e. 802.11n or newer) to function little better than an 802.11a/g network. While you do pick up some of the advantages of newer standards, the performance (which is the typical driving force for people to upgrade) is negated.
But all that aside, I have to point out that Wigle's stats are a bit "flawed" unless you actually understand what it is you are really viewing. Wigle is a large, user collected database of information. However, as far as I know, they do not age out old data for a number of reasons (for instance, just because someone hasn't recorded updated information on a network doesn't mean it isn't still present).
So what you have is a large number of networks present in their data that are not present in the real world. If you check many of the WEP entries, they will not have been updated in 5 or more years. Many of these are likely gone or replaced.
In the graph on the Wigle statistics page, the shown decline of WEP is largely due to new networks being added to the database that are not using WEP, rather than WEP networks being removed from the database. Pulling from the Wigle.net API, these stats may present a more accurate picture of the decline of WEP:
All Entries
-------------------
464,429,878 (Total)
31,800,699 (WEP)
---WEP: 6.85%---
Updated since 2014
-------------------
343,970,477 (Total)
8,550,789 (WEP)
---WEP: 2.49%---
Updated since 2016
-------------------
233,996,263 (Total)
4,374,629 (WEP)
---WEP: 1.87%---
Updated since 2017
-------------------
158,548,717 (Total)
2,707,548 (WEP)
---WEP: 1.71%---
As you can see, while WEP is still certainly present, the real world statistics of WEP being in the wild is much lower than the 6-7% number to which you were referring.
Unfortunately, WEP is still present in the world. There are legacy systems and devices in certain environments that can only do WEP, plus a number of networks that have no one interested and/or knowledgeable enough to update. Like many advances in technology, phasing out the older technology takes time. Look at IPv4 vs. IPv6 after 20ish years and tell me which is still predominant.
That being said, WEP is no longer viable in modern 802.11 networking. Not only is WEP not viable in modern 802.11 networking, neither is TKIP (was initially used as part of WPA certification). Since the release of the 802.11n amendment to the standard, the use of either requires that devices disable the use of HT or VHT data rates.
In other words, the use of WEP or TKIP causes a modern 802.11 network (i.e. 802.11n or newer) to function little better than an 802.11a/g network. While you do pick up some of the advantages of newer standards, the performance (which is the typical driving force for people to upgrade) is negated.
But all that aside, I have to point out that Wigle's stats are a bit "flawed" unless you actually understand what it is you are really viewing. Wigle is a large, user collected database of information. However, as far as I know, they do not age out old data for a number of reasons (for instance, just because someone hasn't recorded updated information on a network doesn't mean it isn't still present).
So what you have is a large number of networks present in their data that are not present in the real world. If you check many of the WEP entries, they will not have been updated in 5 or more years. Many of these are likely gone or replaced.
In the graph on the Wigle statistics page, the shown decline of WEP is largely due to new networks being added to the database that are not using WEP, rather than WEP networks being removed from the database. Pulling from the Wigle.net API, these stats may present a more accurate picture of the decline of WEP:
All Entries
-------------------
464,429,878 (Total)
31,800,699 (WEP)
---WEP: 6.85%---
Updated since 2014
-------------------
343,970,477 (Total)
8,550,789 (WEP)
---WEP: 2.49%---
Updated since 2016
-------------------
233,996,263 (Total)
4,374,629 (WEP)
---WEP: 1.87%---
Updated since 2017
-------------------
158,548,717 (Total)
2,707,548 (WEP)
---WEP: 1.71%---
As you can see, while WEP is still certainly present, the real world statistics of WEP being in the wild is much lower than the 6-7% number to which you were referring.
answered Aug 6 at 19:46
YLearn
2,66711022
2,66711022
1
old wii consoles can only connect to WEP security routers
â Tschallacka
2 days ago
@Tschallacka, I have a US first gen Wii that connects just fine to WPA or WPA2-AES with a PSK. Only issue I am aware of with early Wii consoles is that they need the low data rates enabled (1 and/or 2 Mbps) or they will not be able to connect, even though they are 802.11g devices. Even if there are some models that only support WEP, many users of Nintendo consoles replaced their Wii with a Wii U, as it can still run most of the Wii games (clear exceptions would be games with accessories that utilized the GameCube ports).
â YLearn
2 days ago
4
I saw a recent discussion about presenting WEP as unsecured and connecting to it without ever prompting because it could be cracked faster than the password keyed in.
â Joshua
2 days ago
@Joshua Now that's a nice idea, and it might even persuade some more people to see it be completely ignored.
â Deduplicator
2 days ago
Once I worked at a retailer of portable handheld scanners, and some models only work with WEP.
â Azteca
yesterday
add a comment |Â
1
old wii consoles can only connect to WEP security routers
â Tschallacka
2 days ago
@Tschallacka, I have a US first gen Wii that connects just fine to WPA or WPA2-AES with a PSK. Only issue I am aware of with early Wii consoles is that they need the low data rates enabled (1 and/or 2 Mbps) or they will not be able to connect, even though they are 802.11g devices. Even if there are some models that only support WEP, many users of Nintendo consoles replaced their Wii with a Wii U, as it can still run most of the Wii games (clear exceptions would be games with accessories that utilized the GameCube ports).
â YLearn
2 days ago
4
I saw a recent discussion about presenting WEP as unsecured and connecting to it without ever prompting because it could be cracked faster than the password keyed in.
â Joshua
2 days ago
@Joshua Now that's a nice idea, and it might even persuade some more people to see it be completely ignored.
â Deduplicator
2 days ago
Once I worked at a retailer of portable handheld scanners, and some models only work with WEP.
â Azteca
yesterday
1
1
old wii consoles can only connect to WEP security routers
â Tschallacka
2 days ago
old wii consoles can only connect to WEP security routers
â Tschallacka
2 days ago
@Tschallacka, I have a US first gen Wii that connects just fine to WPA or WPA2-AES with a PSK. Only issue I am aware of with early Wii consoles is that they need the low data rates enabled (1 and/or 2 Mbps) or they will not be able to connect, even though they are 802.11g devices. Even if there are some models that only support WEP, many users of Nintendo consoles replaced their Wii with a Wii U, as it can still run most of the Wii games (clear exceptions would be games with accessories that utilized the GameCube ports).
â YLearn
2 days ago
@Tschallacka, I have a US first gen Wii that connects just fine to WPA or WPA2-AES with a PSK. Only issue I am aware of with early Wii consoles is that they need the low data rates enabled (1 and/or 2 Mbps) or they will not be able to connect, even though they are 802.11g devices. Even if there are some models that only support WEP, many users of Nintendo consoles replaced their Wii with a Wii U, as it can still run most of the Wii games (clear exceptions would be games with accessories that utilized the GameCube ports).
â YLearn
2 days ago
4
4
I saw a recent discussion about presenting WEP as unsecured and connecting to it without ever prompting because it could be cracked faster than the password keyed in.
â Joshua
2 days ago
I saw a recent discussion about presenting WEP as unsecured and connecting to it without ever prompting because it could be cracked faster than the password keyed in.
â Joshua
2 days ago
@Joshua Now that's a nice idea, and it might even persuade some more people to see it be completely ignored.
â Deduplicator
2 days ago
@Joshua Now that's a nice idea, and it might even persuade some more people to see it be completely ignored.
â Deduplicator
2 days ago
Once I worked at a retailer of portable handheld scanners, and some models only work with WEP.
â Azteca
yesterday
Once I worked at a retailer of portable handheld scanners, and some models only work with WEP.
â Azteca
yesterday
add a comment |Â
up vote
3
down vote
I have been studying WEP as a project in school (great examples of what should not do in crypto !).
When I took a look at usage stats, it was 8% (if you think about the 45% back in 2010). Even if it seems low, I think it took way to long and I still see some Wi-Fi set to WEP (in France).
In my opinion, it shouldn't be an option anymore, even for backward compatibility. I took way to long to deprecated it, given the fact the first automated attack was published in 2001.
5
Network-level protocols take a long time to deprecate because hardware moves slow. It takes a long time to move through the lifecycle of physical network devices - especially consumer hardware. Some businesses still use PPTP for VPN, and that's been broken for ages as well. Protocols don't suddenly stop working when the security is broken, and user don't care that much about security until they're hit by a high-impact event.
â nbering
Aug 6 at 18:18
1
@nbering, consumer hardware in many cases changes faster than business hardware. People tend to like buying the best/latest/fastest product on the market. I find industrial/environmental/systems control types of machines/hardware/tools tend to be more locked into time. If a business pays X million for that machine (series) or control system, they aren't likely to rip it out and replace it because it only supports WEP. They are more likely to support WEP for the next 20 years until the manufacturing line is next replaced.
â YLearn
Aug 7 at 0:49
add a comment |Â
up vote
3
down vote
I have been studying WEP as a project in school (great examples of what should not do in crypto !).
When I took a look at usage stats, it was 8% (if you think about the 45% back in 2010). Even if it seems low, I think it took way to long and I still see some Wi-Fi set to WEP (in France).
In my opinion, it shouldn't be an option anymore, even for backward compatibility. I took way to long to deprecated it, given the fact the first automated attack was published in 2001.
5
Network-level protocols take a long time to deprecate because hardware moves slow. It takes a long time to move through the lifecycle of physical network devices - especially consumer hardware. Some businesses still use PPTP for VPN, and that's been broken for ages as well. Protocols don't suddenly stop working when the security is broken, and user don't care that much about security until they're hit by a high-impact event.
â nbering
Aug 6 at 18:18
1
@nbering, consumer hardware in many cases changes faster than business hardware. People tend to like buying the best/latest/fastest product on the market. I find industrial/environmental/systems control types of machines/hardware/tools tend to be more locked into time. If a business pays X million for that machine (series) or control system, they aren't likely to rip it out and replace it because it only supports WEP. They are more likely to support WEP for the next 20 years until the manufacturing line is next replaced.
â YLearn
Aug 7 at 0:49
add a comment |Â
up vote
3
down vote
up vote
3
down vote
I have been studying WEP as a project in school (great examples of what should not do in crypto !).
When I took a look at usage stats, it was 8% (if you think about the 45% back in 2010). Even if it seems low, I think it took way to long and I still see some Wi-Fi set to WEP (in France).
In my opinion, it shouldn't be an option anymore, even for backward compatibility. I took way to long to deprecated it, given the fact the first automated attack was published in 2001.
I have been studying WEP as a project in school (great examples of what should not do in crypto !).
When I took a look at usage stats, it was 8% (if you think about the 45% back in 2010). Even if it seems low, I think it took way to long and I still see some Wi-Fi set to WEP (in France).
In my opinion, it shouldn't be an option anymore, even for backward compatibility. I took way to long to deprecated it, given the fact the first automated attack was published in 2001.
answered Aug 6 at 17:27
Faulst
1392
1392
5
Network-level protocols take a long time to deprecate because hardware moves slow. It takes a long time to move through the lifecycle of physical network devices - especially consumer hardware. Some businesses still use PPTP for VPN, and that's been broken for ages as well. Protocols don't suddenly stop working when the security is broken, and user don't care that much about security until they're hit by a high-impact event.
â nbering
Aug 6 at 18:18
1
@nbering, consumer hardware in many cases changes faster than business hardware. People tend to like buying the best/latest/fastest product on the market. I find industrial/environmental/systems control types of machines/hardware/tools tend to be more locked into time. If a business pays X million for that machine (series) or control system, they aren't likely to rip it out and replace it because it only supports WEP. They are more likely to support WEP for the next 20 years until the manufacturing line is next replaced.
â YLearn
Aug 7 at 0:49
add a comment |Â
5
Network-level protocols take a long time to deprecate because hardware moves slow. It takes a long time to move through the lifecycle of physical network devices - especially consumer hardware. Some businesses still use PPTP for VPN, and that's been broken for ages as well. Protocols don't suddenly stop working when the security is broken, and user don't care that much about security until they're hit by a high-impact event.
â nbering
Aug 6 at 18:18
1
@nbering, consumer hardware in many cases changes faster than business hardware. People tend to like buying the best/latest/fastest product on the market. I find industrial/environmental/systems control types of machines/hardware/tools tend to be more locked into time. If a business pays X million for that machine (series) or control system, they aren't likely to rip it out and replace it because it only supports WEP. They are more likely to support WEP for the next 20 years until the manufacturing line is next replaced.
â YLearn
Aug 7 at 0:49
5
5
Network-level protocols take a long time to deprecate because hardware moves slow. It takes a long time to move through the lifecycle of physical network devices - especially consumer hardware. Some businesses still use PPTP for VPN, and that's been broken for ages as well. Protocols don't suddenly stop working when the security is broken, and user don't care that much about security until they're hit by a high-impact event.
â nbering
Aug 6 at 18:18
Network-level protocols take a long time to deprecate because hardware moves slow. It takes a long time to move through the lifecycle of physical network devices - especially consumer hardware. Some businesses still use PPTP for VPN, and that's been broken for ages as well. Protocols don't suddenly stop working when the security is broken, and user don't care that much about security until they're hit by a high-impact event.
â nbering
Aug 6 at 18:18
1
1
@nbering, consumer hardware in many cases changes faster than business hardware. People tend to like buying the best/latest/fastest product on the market. I find industrial/environmental/systems control types of machines/hardware/tools tend to be more locked into time. If a business pays X million for that machine (series) or control system, they aren't likely to rip it out and replace it because it only supports WEP. They are more likely to support WEP for the next 20 years until the manufacturing line is next replaced.
â YLearn
Aug 7 at 0:49
@nbering, consumer hardware in many cases changes faster than business hardware. People tend to like buying the best/latest/fastest product on the market. I find industrial/environmental/systems control types of machines/hardware/tools tend to be more locked into time. If a business pays X million for that machine (series) or control system, they aren't likely to rip it out and replace it because it only supports WEP. They are more likely to support WEP for the next 20 years until the manufacturing line is next replaced.
â YLearn
Aug 7 at 0:49
add a comment |Â
up vote
3
down vote
WEP has been broken for a long time, but upgrading from WEP to WPA2 implies delivering new hardware for each Access Point, client device, repeaters, etc. It's a huge investment to do at once, so compatible devices are available (Actually they're still being made, every smart phone I know is capable to connect to WEP networks), and that's a cycle: There is no need to migrate from WEP to WPA2 right now cause compatible devices exist and there is no need to change all the devices cause compatibility is still there.
Given that, while the impact of exploiting WEP may be high and the attack is pretty simple and known, the likelihood of the attack is not as much as it seems. An attacker needs to be physically in the same place as the vulnerable AP and close enough to actually be able to send packets in a reliable way. And sadly this kind of risk tends to be ignored
add a comment |Â
up vote
3
down vote
WEP has been broken for a long time, but upgrading from WEP to WPA2 implies delivering new hardware for each Access Point, client device, repeaters, etc. It's a huge investment to do at once, so compatible devices are available (Actually they're still being made, every smart phone I know is capable to connect to WEP networks), and that's a cycle: There is no need to migrate from WEP to WPA2 right now cause compatible devices exist and there is no need to change all the devices cause compatibility is still there.
Given that, while the impact of exploiting WEP may be high and the attack is pretty simple and known, the likelihood of the attack is not as much as it seems. An attacker needs to be physically in the same place as the vulnerable AP and close enough to actually be able to send packets in a reliable way. And sadly this kind of risk tends to be ignored
add a comment |Â
up vote
3
down vote
up vote
3
down vote
WEP has been broken for a long time, but upgrading from WEP to WPA2 implies delivering new hardware for each Access Point, client device, repeaters, etc. It's a huge investment to do at once, so compatible devices are available (Actually they're still being made, every smart phone I know is capable to connect to WEP networks), and that's a cycle: There is no need to migrate from WEP to WPA2 right now cause compatible devices exist and there is no need to change all the devices cause compatibility is still there.
Given that, while the impact of exploiting WEP may be high and the attack is pretty simple and known, the likelihood of the attack is not as much as it seems. An attacker needs to be physically in the same place as the vulnerable AP and close enough to actually be able to send packets in a reliable way. And sadly this kind of risk tends to be ignored
WEP has been broken for a long time, but upgrading from WEP to WPA2 implies delivering new hardware for each Access Point, client device, repeaters, etc. It's a huge investment to do at once, so compatible devices are available (Actually they're still being made, every smart phone I know is capable to connect to WEP networks), and that's a cycle: There is no need to migrate from WEP to WPA2 right now cause compatible devices exist and there is no need to change all the devices cause compatibility is still there.
Given that, while the impact of exploiting WEP may be high and the attack is pretty simple and known, the likelihood of the attack is not as much as it seems. An attacker needs to be physically in the same place as the vulnerable AP and close enough to actually be able to send packets in a reliable way. And sadly this kind of risk tends to be ignored
answered Aug 6 at 20:49
Mr. E
1,545416
1,545416
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f191060%2fis-wep-still-a-thing%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password